Type
Campaign
Actors
UNC5221
Pub. date
January 10, 2024
Initial access
0-day vulnerability
Impact
Unknown
Observed tools
PySoxyLIGHTWIRETHINSPOOLWARPWIREWIREFIREenum4LinuxZIPLINEBUSHWALKCHAINLINEFRAMESTINGImpacketCrackMapExeciodineDSLog
Targeted technologies
Ivanti Connect Secure VPN
References
https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gatewayshttps://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-dayhttps://www.mandiant.com/resources/blog/investigating-ivanti-zero-day-exploitationhttps://quointelligence.eu/2024/01/unc5221-unreported-and-undetected-wirefire-web-shell-variant/https://www.synacktiv.com/publications/krustyloader-rust-malware-linked-to-ivanti-connectsecure-compromiseshttps://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/https://www.orangecyberdefense.com/global/blog/research/ivanti-connect-secure-journey-to-the-core-of-the-dslog-backdoorhttps://therecord.media/cisa-takes-two-systems-offline-following-ivanti-compromise
Status
Stub
Last edited
Jun 2, 2024 8:02 AM